Recently Citibank announced that they were hacked, a typical data breach. See the International Business Times article here, http://www.ibtimes.com/articles/160376/20110609/hacking-citibank-citibank-hacked-citi-hacked-citibank-hack-2011-citibank-online.htm. Were they not conducting vulnerability tests on their own system to see if they were vulnerabile? The comes on the heels of Sega, Sony, Lockheed Martin amongst others. So far they only report that 360,000 cards were compromised. We can assume that those customers, if they actually know which accounts were compromised will get 2 years of credit monitoring. But what happens when you actually get false charges? You now have to go spend time to resolve the problems and most likely you might take a hit to your credit score.

Its amazing that this continues to happen and there isn’t a stronger tie between the credit reporting agencies and the hacked banks to help consumer manage their credit and not be responsible to follow up on a data loss. The consumer is the one who has to bear all the burden. And the banks will probably just add another fee to cover their costs to managing the security breach.

These banks should really be more proactive in conducting vulnerability scans daily, conducting website security testing and implement intrusion detection and prevention systems. We do not know if Citibank had a IDS system in ploace but you would think that with a good prevention system in place, this hack should have been immediately identified and stoped before the data breach could occur?

Gary Bahadur

www.kraasecurity.com

Social Media Security

Website Security Testing

Security Policy Development

 

Enhanced by Zemanta